Invicti identified a cookie used as Anti-CSRF Token.
During a cross-site scripting attack, an attacker might easily access cookies and hijack the victim's session even if cookie is marked as HttpOnly
. If the cookie is not the session cookie you can ignore this issue.
Avoid the usage of session cookie as Anti-CSRF Token.
You can search and find all vulnerabilities